Summary

Vulnerability NameIngress NGINX Controller Remote Code Execution (CVE-2025-1974)

Released on

March 27, 2025

Affected Component

Ingress NGINX Controller

Affected Versions

Versions earlier than 1.11.5

Versions earlier than 1.12.1

Vulnerability Type

Code execution

Exploitation Condition

  1. User authentication: not required.
  2. Precondition: default configurations.
  3. Trigger mode: remote.

Impact

Exploitation difficulty: easy. Attackers can remotely execute code without authorization.

Severity: high. Attackers can remotely execute code without authorization.

Official Solution

Available

About the Vulnerability

Component Introduction

Ingress NGINX Controller is an NGINX-based ingress controller used to implement Ingress resources in Kubernetes environments.

Vulnerability Description

On March 27, 2025, Sangfor FarSight Labs received notification of the Ingress NGINX Controller Remote Code Execution (CVE-2025-1974) vulnerability, classified as critical in threat level.

This vulnerability enables unauthenticated attackers to inject code for remote code execution by exploiting configuration vulnerabilities when Ingress NGINX Controller handles Ingress objects. This may potentially lead to sensitive information leakage in Kubernetes and server compromises.

Affected Versions

Ingress NGINX Controller with a version earlier than 1.11.5 and 1.12.1 will be affected.

Vulnerability Reproduction

Sangfor FarSight Labs has reproduced the vulnerability.

Solutions

Remediation Solutions

Official Solution

The latest version has been officially released to fix the vulnerability. Affected users are advised to update the version of Ingress NGINX Controller to 1.11.5 or 1.12.1.

Download link: https://github.com/kubernetes/ingress-nginx/releases

Sangfor Solutions

Vulnerability Detection

The following Sangfor services can proactively detect CVE-2025-1974 vulnerabilities and quickly identify vulnerability risks in batches:

Sangfor Host Security: The corresponding detection solution will be released on March 30, 2025. The rule ID is SF-2025-00362.

Sangfor TSS: The corresponding detection solution will be released on March 31, 2025. The rule ID is SF-2025-00999.

Sangfor Cyber Guardian Platform: The corresponding detection solution will be released on March 31, 2025. The rule ID is SF-2025-00999. In this case, make sure that Sangfor Cyber Guardian Platform is integrated with Sangfor TSS.

Sangfor XDR: The corresponding detection solution will be released on March 30, 2025. The rule ID is SF-2025-00362. In this case, make sure that Sangfor XDR is integrated with Sangfor Host Security.

Vulnerability Monitoring

The following Sangfor services support CVE-2025-1974 vulnerability monitoring, and can quickly identify affected assets and the impact business scope in real time through traffic collection:

Cyber Command: The corresponding monitoring solution will be released on April 03, 2025. The rule ID is 11027469.

Sangfor Cyber Guardian Platform: The corresponding monitoring solution will be released on April 03, 2025. The rule ID is 11027469. In this case, make sure that Sangfor Cyber Guardian Platform is integrated with Cyber Command.

Sangfor XDR: The corresponding monitoring solution will be released on April 03, 2025. The rule ID is 11027469.

Vulnerability Protection

The following Sangfor services can effectively block CVE-2025-1974 exploits:

Network Secure: The corresponding protection solution will be released on April 03, 2025. The rule ID is 11027469.

Sangfor Web Application Firewall: The corresponding protection solution will be released on April 03, 2025. The rule ID is 11027469.

Sangfor Cyber Guardian Platform: The corresponding protection solution will be released on April 03, 2025. The rule ID is 11027469. In this case, make sure that Sangfor Cyber Guardian Platform is integrated with Network Secure.

Sangfor XDR: The corresponding protection solution will be released on April 03, 2025. The rule ID is 11027469. In this case, make sure that Sangfor XDR is integrated with Network Secure.

Timeline

On March 27, 2025, Sangfor FarSight Labs received notification of the Ingress NGINX Controller Remote Code Execution (CVE-2025-1974) vulnerability.

On March 27, 2025, Sangfor FarSight Labs released a vulnerability alert.

References

https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities

https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/

Learn More

Sangfor FarSight Labs researches the latest cyber threats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyber threats, providing fast and easy protection for customers.

Listen To This Post

Search

Get in Touch

Get in Touch with Sangfor Team for Business Inquiry

Name
Email Address
Business Phone Number
Tell us about your project requirements

Related Articles

CVE-2025-2783: Google Chrome Sandbox Escape

Date : 01 Apr 2025
Read Now

CVE-2024-55591: FortiOS and FortiProxy Authentication Bypass Vulnerability

Date : 26 Mar 2025
Read Now

Roundup of Microsoft Patch Tuesday (March 2025)

Date : 14 Mar 2025
Read Now

See Other Product

Sangfor Omni-Command
Replace your Enterprise NGAV with Sangfor Endpoint Secure
SASE ROI Calculator - Assess Sangfor SASE’s Total Economic Impact
Cyber Command - NDR Platform
Endpoint Secure
Internet Access Gateway (IAG)